public class CreateVpnConnectionRequest
extends com.aliyun.tea.TeaModel
Modifier and Type | Field and Description |
---|---|
Boolean | autoConfigRoute: Specifies whether to automatically configure routes. |
String | bgpConfig: This parameter is supported when you create an IPsec-VPN connection in single-tunnel mode. |
String | clientToken: The client token that is used to ensure the idempotence of the request. |
String | customerGatewayId: When you create an IPsec-VPN connection in single-tunnel mode, this parameter is required. |
Boolean | effectImmediately: Specifies whether to immediately start IPsec negotiations. |
Boolean | enableDpd: This parameter is available if you create an IPsec-VPN connection in single-tunnel mode. |
Boolean | enableNatTraversal: This parameter is available if you create an IPsec-VPN connection in single-tunnel mode. |
Boolean | enableTunnelsBgp: This parameter is available if you create an IPsec-VPN connection in dual-tunnel mode. |
String | healthCheckConfig: This parameter is available if you create an IPsec-VPN connection in single-tunnel mode. |
String | ikeConfig: This parameter is available if you create an IPsec-VPN connection in single-tunnel mode. |
String | ipsecConfig: This parameter is available if you create an IPsec-VPN connection in single-tunnel mode. |
String | localSubnet: The CIDR block of the virtual private cloud (VPC) that needs to communicate with the on-premises database. |
String | name: The name of the IPsec-VPN connection. |
String | ownerAccount |
Long | ownerId |
String | regionId: The ID of the region where the IPsec-VPN connection is created. |
String | remoteCaCertificate: This parameter is available if you create an IPsec-VPN connection in single-tunnel mode. |
String | remoteSubnet: The CIDR block of the on-premises database that needs to communicate with the VPC. |
String | resourceOwnerAccount |
Long | resourceOwnerId |
List<CreateVpnConnectionRequest.CreateVpnConnectionRequestTags> | tags: The tag value. |
List<CreateVpnConnectionRequest.CreateVpnConnectionRequestTunnelOptionsSpecification> | tunnelOptionsSpecification: The tunnel configurations. |
String | vpnGatewayId: The ID of the VPN gateway. |
Constructor and Description |
---|
CreateVpnConnectionRequest() |
@NameInMap(value="AutoConfigRoute") public Boolean autoConfigRoute
Specifies whether to automatically configure routes. Valid values:
true
@NameInMap(value="BgpConfig") public String bgpConfig
This parameter is supported when you create an IPsec-VPN connection in single-tunnel mode.
BGP configuration:
BgpConfig.EnableBgp: specifies whether to enable BGP. Valid values: true and false (default).
BgpConfig.LocalAsn: the autonomous system number (ASN) on the Alibaba Cloud side. Valid values: 1 to 4294967295. Default value: 45104.
You can enter a value in two segments separated by a period (.). Each segment is 16 bits in length. Enter the number in each segment in decimal format.
For example, if you enter 123.456, the ASN is 8061384. The ASN is calculated by using the following formula: 123 × 65536 + 456 = 8061384.
BgpConfig.TunnelCidr: The CIDR block of the IPsec tunnel. The CIDR block must belong to 169.254.0.0/16 and the subnet mask is 30 bits in length.
The CIDR block of the IPsec tunnel for each IPsec-VPN connection on a VPN gateway must be unique.
LocalBgpIp: the BGP address on the Alibaba Cloud side. It must be an IP address that falls within the CIDR block of the IPsec tunnel.
- Before you add BGP configurations, we recommend that you learn about how BGP works and the limits. For more information, see VPN Gateway supports BGP dynamic routing.
- We recommend that you use private ASN to establish BGP connections to Alibaba Cloud. Refer to the relevant documentation for the private ASN range.
example:
{"EnableBgp":"true","LocalAsn":"45104","TunnelCidr":"169.254.11.0/30","LocalBgpIp":"169.254.11.1"}
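The BgpConfig constraints above can be checked before the request is sent. The following is an added example, not SDK code: `parse_asn`, `check_bgp_config` and `used_tunnel_cidrs` are hypothetical names, and the second sample value is constructed.

```python
import ipaddress
import json

LINK_LOCAL = ipaddress.IPv4Network("169.254.0.0/16")

def parse_asn(text):
    """Accept plain ("45104") or two-segment ("123.456") ASN notation."""
    parts = str(text).split(".")
    if len(parts) == 1:
        asn = int(parts[0])
    elif len(parts) == 2:
        high, low = int(parts[0]), int(parts[1])
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError("each segment must fit in 16 bits")
        asn = high * 65536 + low
    else:
        raise ValueError("at most two segments allowed")
    if not 1 <= asn <= 4294967295:
        raise ValueError("outside 1..4294967295")
    return asn

def check_bgp_config(raw, used_tunnel_cidrs=()):
    """Return a list of problems found in a BgpConfig JSON string."""
    cfg, problems = json.loads(raw), []
    try:
        parse_asn(cfg.get("LocalAsn", "45104"))  # 45104 is the documented default
    except ValueError as exc:
        problems.append(f"LocalAsn: {exc}")
    try:
        tunnel = ipaddress.IPv4Network(cfg["TunnelCidr"])  # rejects set host bits
    except (KeyError, ValueError) as exc:
        return problems + [f"TunnelCidr: {exc!r}"]
    if tunnel.prefixlen != 30 or not tunnel.subnet_of(LINK_LOCAL):
        problems.append("TunnelCidr: must be a /30 inside 169.254.0.0/16")
    if tunnel in (ipaddress.IPv4Network(c) for c in used_tunnel_cidrs):
        problems.append("TunnelCidr: already used on this VPN gateway")
    try:
        if ipaddress.IPv4Address(cfg["LocalBgpIp"]) not in tunnel:
            problems.append("LocalBgpIp: outside TunnelCidr")
    except (KeyError, ValueError) as exc:
        problems.append(f"LocalBgpIp: {exc!r}")
    return problems

# The example value from this page, plus a constructed bad value for contrast.
PAGE_EXAMPLE = '{"EnableBgp":"true","LocalAsn":"45104","TunnelCidr":"169.254.11.0/30","LocalBgpIp":"169.254.11.1"}'
CONSTRUCTED_BAD = '{"EnableBgp":"true","LocalAsn":"70000.1","TunnelCidr":"10.0.0.0/30","LocalBgpIp":"10.0.0.9"}'

if __name__ == "__main__":
    print(check_bgp_config(PAGE_EXAMPLE))
    print(check_bgp_config(CONSTRUCTED_BAD))
```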
@NameInMap(value="ClientToken") public String clientToken
The client token that is used to ensure the idempotence of the request.
You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can contain only ASCII characters.
If you do not specify this parameter, the system automatically uses the request ID as the client token. The request ID may be different for each request.
example:02fb3da4-130e-11e9-8e44-001****
@NameInMap(value="CustomerGatewayId") public String customerGatewayId
When you create an IPsec-VPN connection in single-tunnel mode, this parameter is required.
The ID of the customer gateway.
example:cgw-p0w2jemrcj5u61un8****
@NameInMap(value="EffectImmediately") public Boolean effectImmediately
Specifies whether to immediately start IPsec negotiations. Valid values:
false
@NameInMap(value="EnableDpd") public Boolean enableDpd
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
Specifies whether to enable the dead peer detection (DPD) feature. Valid values:
true
@NameInMap(value="EnableNatTraversal") public Boolean enableNatTraversal
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
Specifies whether to enable NAT traversal. Valid values:
true
@NameInMap(value="EnableTunnelsBgp") public Boolean enableTunnelsBgp
This parameter is available if you create an IPsec-VPN connection in dual-tunnel mode.
Specifies whether to enable the BGP feature for the tunnel. Valid values: true and false. Default value: false.
example:true
@NameInMap(value="HealthCheckConfig") public String healthCheckConfig
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
The health check configuration:
{"enable":"true","dip":"192.168.10.1","sip":"10.10.1.1","interval":"3","retry":"3"}
@NameInMap(value="IkeConfig") public String ikeConfig
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
The configurations of Phase 1 negotiations:
IkeConfig.Psk: The pre-shared key that is used for authentication between the VPN gateway and the on-premises database.
The key must be 1 to 100 characters in length and can contain digits, letters, and the following characters: ~!\\`@#$%^&*()_-+={}[]|;:\\",.<>/?
If you do not specify a pre-shared key, the system generates a random 16-character string as the pre-shared key. You can call the DescribeVpnConnection operation to query the pre-shared key that is generated by the system.
The pre-shared key of the IPsec-VPN connection must be the same as the authentication key of the on-premises database. Otherwise, the on-premises database and the VPN gateway cannot establish a connection.
IkeConfig.IkeVersion: the version of the Internet Key Exchange (IKE) protocol. Valid values: ikev1 and ikev2. Default value: ikev1.
Compared with IKEv1, IKEv2 simplifies the security association (SA) negotiation process and is more suitable for scenarios in which multiple CIDR blocks are used.
IkeConfig.IkeMode: the negotiation mode of IKE. Valid values: main and aggressive. Default value: main.
IkeConfig.IkeEncAlg: the encryption algorithm that is used in Phase 1 negotiations.
Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
IkeConfig.IkeAuthAlg: the authentication algorithm that is used in Phase 1 negotiations.
Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.
IkeConfig.IkePfs: the Diffie-Hellman (DH) key exchange algorithm that is used in Phase 1 negotiations. Valid values: group1, group2, group5, and group14. Default value: group2.
IkeConfig.IkeLifetime: the SA lifetime determined by Phase 1 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
IkeConfig.LocalId: the identifier of the VPN gateway. The value can be up to 100 characters in length. The default value is the IP address of the VPN gateway.
IkeConfig.RemoteId: the identifier of the customer gateway. The value can be up to 100 characters in length. The default value is the IP address of the customer gateway.
{"Psk":"1234****","IkeVersion":"ikev1","IkeMode":"main","IkeEncAlg":"aes","IkeAuthAlg":"sha1","IkePfs":"group2","IkeLifetime":86400,"LocalId":"47.XX.XX.1","RemoteId":"47.XX.XX.2"}
@NameInMap(value="IpsecConfig") public String ipsecConfig
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
The configurations of Phase 2 negotiations:
IpsecConfig.IpsecEncAlg: the encryption algorithm that is used in Phase 2 negotiations.
Valid values: aes, aes192, aes256, des, and 3des. Default value: aes.
IpsecConfig.IpsecAuthAlg: the authentication algorithm that is used in Phase 2 negotiations.
Valid values: md5, sha1, sha256, sha384, and sha512. Default value: md5.
IpsecConfig.IpsecPfs: the DH key exchange algorithm that is used in Phase 2 negotiations. Valid values: disabled, group1, group2, group5, and group14. Default value: group2.
IpsecConfig.IpsecLifetime: the SA lifetime that is determined by Phase 2 negotiations. Unit: seconds. Valid values: 0 to 86400. Default value: 86400.
{"IpsecEncAlg":"aes","IpsecAuthAlg":"sha1","IpsecPfs":"group2","IpsecLifetime":86400}
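Because omitted IkeConfig and IpsecConfig keys fall back to the defaults listed above (md5 and group2 among them), a review should look at the effective values, not only the ones supplied. The following is an added example, not SDK code: `audit` is a hypothetical helper, the `WEAK` set is this example's own review policy, and the hardened sample is constructed.

```python
import json

# Documented default and valid values for each field, copied from this page.
ENC = ("aes", "aes192", "aes256", "des", "3des")
AUTH = ("md5", "sha1", "sha256", "sha384", "sha512")
IKE_FIELDS = {
    "IkeVersion": ("ikev1", ("ikev1", "ikev2")),
    "IkeMode": ("main", ("main", "aggressive")),
    "IkeEncAlg": ("aes", ENC),
    "IkeAuthAlg": ("md5", AUTH),
    "IkePfs": ("group2", ("group1", "group2", "group5", "group14")),
}
IPSEC_FIELDS = {
    "IpsecEncAlg": ("aes", ENC),
    "IpsecAuthAlg": ("md5", AUTH),
    "IpsecPfs": ("group2", ("disabled", "group1", "group2", "group5", "group14")),
}
# Review policy assumed by this example (not defined by the API):
# legacy ciphers and hashes, small DH groups, no PFS, aggressive mode.
WEAK = {"des", "3des", "md5", "group1", "group2", "group5", "disabled", "aggressive"}

def audit(raw, fields):
    """Return (effective_config, findings) for an IkeConfig/IpsecConfig JSON string."""
    supplied = json.loads(raw) if raw else {}
    effective, findings = {}, []
    for key, (default, valid) in fields.items():
        value = supplied.get(key, default)
        effective[key] = value
        origin = "set" if key in supplied else "default"
        if value not in valid:
            findings.append(f"{key}={value}: not a valid value")
        elif value in WEAK:
            findings.append(f"{key}={value} ({origin}): weak")
    return effective, findings

# IkeConfig example from this page, and a constructed hardened value.
PAGE_IKE = ('{"Psk":"1234****","IkeVersion":"ikev1","IkeMode":"main","IkeEncAlg":"aes",'
            '"IkeAuthAlg":"sha1","IkePfs":"group2","IkeLifetime":86400,'
            '"LocalId":"47.XX.XX.1","RemoteId":"47.XX.XX.2"}')
CONSTRUCTED_HARDENED = ('{"IkeVersion":"ikev2","IkeEncAlg":"aes256",'
                        '"IkeAuthAlg":"sha256","IkePfs":"group14"}')

if __name__ == "__main__":
    for sample in ("{}", PAGE_IKE, CONSTRUCTED_HARDENED):
        print(audit(sample, IKE_FIELDS)[1])
```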
@NameInMap(value="LocalSubnet") public String localSubnet
The CIDR block of the virtual private cloud (VPC) that needs to communicate with the on-premises database. The CIDR block is used in Phase 2 negotiations.
Separate multiple CIDR blocks with commas (,). Example: 192.168.1.0/24,192.168.2.0/24.
The following routing modes are supported:
This parameter is required.
example:10.10.1.0/24,10.10.2.0/24
@NameInMap(value="Name") public String name
The name of the IPsec-VPN connection.
The name must be 1 to 100 characters in length and cannot start with http:// or https://.
IPsec
@NameInMap(value="OwnerAccount") public String ownerAccount
@NameInMap(value="OwnerId") public Long ownerId
@NameInMap(value="RegionId") public String regionId
The ID of the region where the IPsec-VPN connection is created. You can call the DescribeRegions operation to query the most recent region list.
This parameter is required.
example:cn-shanghai
@NameInMap(value="RemoteCaCertificate") public String remoteCaCertificate
This parameter is available if you create an IPsec-VPN connection in single-tunnel mode.
The certificate authority (CA) certificate. If the VPN gateway is of the ShangMi (SM) type, you need to configure a CA certificate for the peer gateway device.
-----BEGIN CERTIFICATE----- MIIB7zCCAZW**** -----END CERTIFICATE-----
@NameInMap(value="RemoteSubnet") public String remoteSubnet
The CIDR block of the on-premises database that needs to communicate with the VPC. The CIDR block is used in Phase 2 negotiations.
Separate multiple CIDR blocks with commas (,). Example: 192.168.3.0/24,192.168.4.0/24.
The following routing modes are supported:
This parameter is required.
example:10.10.3.0/24,10.10.4.0/24
@NameInMap(value="ResourceOwnerAccount") public String resourceOwnerAccount
@NameInMap(value="ResourceOwnerId") public Long resourceOwnerId
@NameInMap(value="Tags") public List<CreateVpnConnectionRequest.CreateVpnConnectionRequestTags> tags
The tag value.
The tag value can be an empty string and cannot exceed 128 characters in length. It cannot start with aliyun or acs:, and cannot contain http:// or https://.
Each tag key corresponds to one tag value. You can specify up to 20 tag values in each call.
@NameInMap(value="TunnelOptionsSpecification") public List<CreateVpnConnectionRequest.CreateVpnConnectionRequestTunnelOptionsSpecification> tunnelOptionsSpecification
The tunnel configurations.
true
@NameInMap(value="VpnGatewayId") public String vpnGatewayId
The ID of the VPN gateway.
This parameter is required.
example:vpn-bp1q8bgx4xnkm****
public static CreateVpnConnectionRequest build(Map<String,?> map) throws Exception
Throws: Exception
public CreateVpnConnectionRequest setAutoConfigRoute(Boolean autoConfigRoute)
public Boolean getAutoConfigRoute()
public CreateVpnConnectionRequest setBgpConfig(String bgpConfig)
public String getBgpConfig()
public CreateVpnConnectionRequest setClientToken(String clientToken)
public String getClientToken()
public CreateVpnConnectionRequest setCustomerGatewayId(String customerGatewayId)
public String getCustomerGatewayId()
public CreateVpnConnectionRequest setEffectImmediately(Boolean effectImmediately)
public Boolean getEffectImmediately()
public CreateVpnConnectionRequest setEnableDpd(Boolean enableDpd)
public Boolean getEnableDpd()
public CreateVpnConnectionRequest setEnableNatTraversal(Boolean enableNatTraversal)
public Boolean getEnableNatTraversal()
public CreateVpnConnectionRequest setEnableTunnelsBgp(Boolean enableTunnelsBgp)
public Boolean getEnableTunnelsBgp()
public CreateVpnConnectionRequest setHealthCheckConfig(String healthCheckConfig)
public String getHealthCheckConfig()
public CreateVpnConnectionRequest setIkeConfig(String ikeConfig)
public String getIkeConfig()
public CreateVpnConnectionRequest setIpsecConfig(String ipsecConfig)
public String getIpsecConfig()
public CreateVpnConnectionRequest setLocalSubnet(String localSubnet)
public String getLocalSubnet()
public CreateVpnConnectionRequest setName(String name)
public String getName()
public CreateVpnConnectionRequest setOwnerAccount(String ownerAccount)
public String getOwnerAccount()
public CreateVpnConnectionRequest setOwnerId(Long ownerId)
public Long getOwnerId()
public CreateVpnConnectionRequest setRegionId(String regionId)
public String getRegionId()
public CreateVpnConnectionRequest setRemoteCaCertificate(String remoteCaCertificate)
public String getRemoteCaCertificate()
public CreateVpnConnectionRequest setRemoteSubnet(String remoteSubnet)
public String getRemoteSubnet()
public CreateVpnConnectionRequest setResourceOwnerAccount(String resourceOwnerAccount)
public String getResourceOwnerAccount()
public CreateVpnConnectionRequest setResourceOwnerId(Long resourceOwnerId)
public Long getResourceOwnerId()
public CreateVpnConnectionRequest setTags(List<CreateVpnConnectionRequest.CreateVpnConnectionRequestTags> tags)
public List<CreateVpnConnectionRequest.CreateVpnConnectionRequestTags> getTags()
public CreateVpnConnectionRequest setTunnelOptionsSpecification(List<CreateVpnConnectionRequest.CreateVpnConnectionRequestTunnelOptionsSpecification> tunnelOptionsSpecification)
public List<CreateVpnConnectionRequest.CreateVpnConnectionRequestTunnelOptionsSpecification> getTunnelOptionsSpecification()
public CreateVpnConnectionRequest setVpnGatewayId(String vpnGatewayId)
public String getVpnGatewayId()
Copyright © 2024. All rights reserved.